Tech 4 months ago

Dennis Wafula

Bug bounty hunter exposes Monero bug enabling theft from exchanges

Privacy-centric altcoin Monero was discovered to have been carrying a bug that allows hackers to steal coins directly from cryptocurrency exchanges.

According to reports, the hackers managed to make use of old-fashioned social engineering to forge transaction data and use it to manipulate the support staff into crediting their accounts manually with extra XMR. The bug planted by the hackers multiplied the transactions, making it easier for the staff to approve dodgy transactions and credit these accounts. Reports showed that the attackers could exploit this repeatedly until they completely siphon all the money on an exchange.

Jason Rhineland, a Canadian Ph.D. candidate in Economics at Queens University, submitted a post on HackerOne revealing the system vulnerability. At the time of his post, the “business logic errors” are still active in Monero’s system. The bug was ranked 9 out of a possible 10, making it a “critical” in terms of severity.

Reports also show that the bug affected other Monero-based coins. According to reports, the attackers managed to steal ARQ coins from Altex, a wallet exchange desk. Altex has already alerted its users and all other virtual currencies in the ecosystem about the issue. It also suspended operations until proper measures have been put in place. It is yet unclear how much money the operator lost during the hack. The small operator said that they have suffered a big loss.

Reports on the HackerOne bug bounty program showed that five more operators have been affected by the recent attack on Monero’s system in the last 24 hours. The flaw has since been fixed in Monero’s system, but it is still unclear whether other affected systems have tackled the issue.

Bug bounty programs have helped stop many hacking threats by pointing out system shortcoming beforehand. Virtual exchanges and other cryptocurrency business are benefiting from these programs. Just a few weeks ago, bug bounties collected $24,000 in one week from four different blockchain projects.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Satoshi Vision (BSV) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BSV is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

COMMENT

Add a Comment

lastest news

Australian insurance company asks, “Where’s the beef?”

Tech 4 hours ago

Australian insurance company asks, “Where’s the beef?”

An insurance company working for the truck and transport industry in Australia wants to know where’s the beef. According to a report on Australasian Transport News (ATN), National Transport Insurance (NTI) has begun a partnership ...

Read More
Wirex now supports IBAN system for its crypto debit cards

Tech 1 day ago

Wirex now supports IBAN system for its crypto debit cards

Cryptocurrency enthusiasts in the European Economic Area (EEA) can now take advantage of the Wirex crypto debit card in even more ways. Wirex has announced that cardholders across the EEA are able to add funds ...

Read More
Developer shows how double spending can occur on Bitcoin SV misses mark

Tech 2 days ago

Developer shows how double spending can occur on Bitcoin SV misses mark

One of the reasons cryptocurrency hasn’t taken off as an alternative to fiat as quickly as many enthusiasts would like is because there is generally a wait time associated with the transactions. This delay is ...

Read More